I have managed to fix this issue on the affected PC on my domain.I did 2 things:
- I used the PC BIOS to clear the TPM. I'm not sure if this was necessary, or if it was step 2 that fixed it. NOTE: If you use BitLocker, DO NOT DO THIS without knowing what you're doing and how to get the recovery key.
- I used gpedit to set the encryption types allowed for Kerberos on the affected client PC to RC4, AES128, AES256 and future encryption types.
With that change applied and the PC rebooted, I could login again with domain accounts.
I have no idea why only 1 domain joined PC required this on the upgrade to 24H2 when other PCs worked fine.
Hope that helps some of you!